import { Pipe, PipeTransform } from '@angular/core';
import { DomSanitizer } from '@angular/platform-browser';

/**
 * Bypass security and trust the given value to be safe HTML. Only use this when the bound HTML is unsafe (e.g. contains <script> tags)
 * and the code should be executed. The sanitizer will leave safe HTML intact, so in most situations this method should not be used.
 * WARNING: calling this method with untrusted user data exposes your application to XSS security risks!
 */
@Pipe({
    name: 'trustHtml'
})
export class TrustHtmlPipe implements PipeTransform {

    constructor(private domSanitizer: DomSanitizer) { }

    transform(value: any, args?: any): any {
        return this.domSanitizer.bypassSecurityTrustHtml(value);
    }

}
